HomeCVE Intelligence › CVE-2026-45727
CVSS 7.5 HIGH Vulnerability

CVE-2026-45727: CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve lead…

The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserv…

7.5CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-45727
Vendorpip
Affected Productcloakbrowser
Vulnerability TypeVulnerability
CVSS Score7.5 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserve port can supply a crafted fingerprint value containing path traversal sequences to resolve user_data_dir outside the configured data_dir. When Chrome fails to start or the process is cleaned up, shutil.rmtree() deletes the traversed path, resulting in arbitrary directory deletion. Additionally, cloakserve bound to 0.0.0.0 by default, making it network-exposed.

Impact An attacker with network access to the cloakserve port can delete arbitrary directories accessible to the service user.

Patches Fixed in v0.3.28.

Mitigations - Upgrade to v0.3.28 or

🎯 Known Indicators of Compromise

{"type":"ipv4","value":"0.0.0.0","confidence_score":0.88,"first_seen":"2026-05-18","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-45727 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence